From Dwayne Wright PMP, PMI-ACP, CSM
Certified FileMaker Developer
One of your main objectives in secure database design is to make sure the database operates on a “need to know” basis. This means that only the people who need to access the database are the ones getting in, and no one else. It also means that users only get to see the data they need to and that they can process information only in the ways they need to (creating records, editing records, printing records and deleting records).
Unauthorized access to database data can be a minor problem or potentially a major threat. It could be as simple as someone learning something about a coworker they shouldn’t. It can be as drastic as someone stealing corporate secrets.
Another primary objective in secure database design is to make sure all the data in each record is correctly entered and processed. Data entered into the database that is fragmented, incomplete or incorrect can cripple a database. This can include something as simple as data entry mistakes ... to the more drastic example of sabotage.
The dangers to your FileMaker database cannot be stressed enough ... or ... can they? Any database has to deal with the possibility of unintentional damage and then the more dramatic intentional damage. To further define the threats, there are threats to the structure and threats to the data. For professional FileMaker developers, there is even the threat of losing your hard-earned design secrets.
UNINTENTIONAL DAMAGE - This is when a user makes a mistake or the database makes a mistake that does damage. Both of these threats can be reduced via education, which means educating your users on how to enter data correctly and how to properly use the other database elements. Many FileMaker solutions are poorly documented and this can definitely lead to problems.
FileMaker developers can also benefit from education. No developer knows everything, and this is particularly true for FileMaker. FileMaker 7, in particular, has a lot of changes and some of them take a little getting used to. It is not a bad idea to budget an amount of money to send FileMaker developers to the annual conference or training sites, or to buy self-paced training aids.
INTENTIONAL DAMAGE - This can include hackers who enjoy doing damage where they can. This isn’t a very common problem for us in the FileMaker world; most hackers don’t include FileMaker databases in their exploits. You generally find them in larger database systems and web sites. The more common intentional threat is from users who have a bone to pick with the company. This includes not only employees but ex-employees and third-party vendors as well.
THREATS TO THE DATA - This is when data is incorrectly entered, incorrectly edited or incorrectly deleted. This can happen via a user interaction or can even happen because of bugs in the database design. A script or auto-enter calculation can cause data integrity problems and you may not notice it for days, weeks or even longer! Two of the most common threats here come from two great data entry aids (the Relookup and Replace commands). Remember when I was talking about the double-edged sword?
THREATS TO THE STRUCTURE - This is when a FileMaker file is damaged or changed. Deleting a record would be a threat to data. Deleting a layout would be a threat to the structure. Your primary design structures are layouts, fields, scripts, relationships, value lists and security settings.
THREAT TO DESIGN SECRETS - This isn’t as widespread as in other database products. FileMaker developers are generally a fairly open sort. However, you could design a solution in FileMaker and sell the database as a product. In that case, you want to protect the hundreds of design hours that went into the database.
OTHER THREAT TYPES - I should also mention physical and network related threats. It is always possible that a network setting can allow people to see the database when they shouldn’t. We should also say that a FileMaker database isn’t very secure if the computer it resides upon is stolen.
For more info about the author and FileMaker in general, contact me at firstname.lastname@example.org.
© 2007 - Dwayne Wright - dwaynewright.com
The material in this document is offered AS IS. There is NO REPRESENTATION OR WARRANTY, expressed or implied, nor does any other contributor to this document. WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE EXPRESSLY DISCLAIMED. Consequential and incidental damages are expressly excluded. FileMaker Pro is the registered trademark of FileMaker Inc.